Transaction Method with a Mobile Device

This invention relates to a method and a system for transmission of orders
in a telecommunications network. The invention relates in particular, but not
exclusively, to the transmission of orders in a mobile radio network.

According to the state of the art thus far, transactions between a customer
(or client, C) and a terminal [point-of-transaction (POT)], for example a
point-of-sale (POS), are often carried out with an electronic payment card.
Debit and credit cards are used, for example, at cash points in shops, at gas
stations, etc. The card usually comprises memory means, for example a magnetic
strip and/or a chip, in which the identification of the customer, inter alia,
is stored. To carry out a transaction with the owner or operator of a terminal,
for example to pay for an article in a shop, the customer has to push his card
into a suitable card reader in the terminal. The terminal then reads the
identification of the customer in the card, establishes and displays the amount
to be paid, checks, if necessary, the solvency of the customer, and asks the
customer to confirm the transaction with a confirmation key on the terminal. If
the customer is solvent and has given his confirmation, the customer
identification, the amount to be paid, and possibly also the terminal
identification are transmitted to a finance server connected with the terminal
through a telecommunications network, which server is administered by a
financial institution. The account of the customer with this financial
institution is accordingly debited immediately or later.

Disadvantageous with this method is the necessity of having to push the
card of the customer into a foreign device. The customers normally do not have
their cards at hand, but rather, for example, in their wallets; a very fast
transaction is thus not possible. Also sometimes the aperture for insertion of
the card into the reading device of the terminal is not easily accessible; this
is especially the case when the terminal is a ticket machine for parking
garages or a payment machine, which is supposed to be operated by the
automobile driver without getting out of the car. Moreover fraudulent acts or
unauthorised readings of the memory areas of the card can be carried out in the
terminal.

Even if certain chipcards nowadays contain a microprocessor, these debit
cards and credit cards are essentially passive elements which store data that
is memorized and used essentially by the electronics of the terminal. The
customer, on the other hand, usually has no opportunity of direct access to the
data without going to a counter or to an automatic machine of the respective
financial institution which issues the card. It is therefore difficult for the
customer to check the transactions carried out with the card and to keep a
record of them.

These cards contain a customer identification, however, which only allows
the customers to be identified at the issuing financial institution. Thus a
card can normally only be used for a financial transaction if the customer and
the terminal operator are associated with the same financial institution. On
the other hand, use of the card for other types of transactions - for example
for non-financial transactions for which reliable identification of the
customer/card holder is necessary, however - is not foreseen. Owning a large
number of cards for every type of financial and non-financial transactions is
therefore unavoidable for the customer, for example several debit cards or
credit cards, which are administered by various financial institutions or
chains of stores, or subscription cards or access cards for protected zones.
These cards are usually protected by various pin codes, which the customer must
laboriously memorize.

In the case of theft or a fraudulent act using the card, the card must be
disabled. The disabling cannot take place, however, until the card has been
inserted into a corresponding device. The common credit cards can continue to
be used, however, in manually operated apparatuses; a secure blocking of the
card is thus not possible.

Besides debit cards and credit cards, so-called e-cash cards (value cards)
are also known, which enable monetary amounts to be stored electronically,
which are then accepted at various terminals as means of payment. To provide
these cards again with monetary amounts, the customer must go to the counter or
machine of a financial institution, which is not always possible.

The patent document WO 97/14124 describes a system which makes possible the
electronic ordering and paying for of services over a telecommunications
network, for example the public switched telephone network (Public Switched
Telephone Network, PSTN) or a GSM mobile network (Global System for Mobile
Communication). In the system according to WO 97/14124 a user can request
services from a service unit by means of a communications terminal, for example
a conventional telephone or a mobile radio telephone, and by means of dial
pulses via a system with spoken menu control. To pay for these services a
"smart card" is used, which is coupled to the communications terminal via an
interface, and which transmits, via a connection of this communications
terminal with a transaction unit, payment information to this transaction unit,
a prepaid amount stored on the card being reduced, which according to
WO 97/14124 can also be reloaded. The "smart card" can also comprise user
identification so that in future during a payment an account of the respective
user can be debited.

The patent document WO 87/16553 describes a system with mobile terminals,
via which a user with a "smart card" which stores a user identification and a
monetary amount, can call up financial information and carry out financial
transactions, the mobile terminal being connected to a financial institution
via a mobile radio network.

In the patent document WO S&V13B14 a real time payment system is described
in which customers of a bank can call up financial information and pay bills
with their mobile radio telephone in that they exchange account and payment
information by means of SMS messages or via a telephone connection with a
computing station of a bank.

One object of the present invention is to propose a method or system which
allows these problems to be avoided.

A further object of the present invention is to propose a transaction method
which is suitable both for financial as well as for non-financial transactions,
and which is simpler and more reliable than the common transaction methods.

These objects are attained according to the present invention through the
elements of the characterizing part of the independent claims. Further
preferred embodiments follow moreover from the dependent claims and the
description.

In particular these objects are achieved through a transaction method
between a customer and a terminal (for example a point of sale, POS) connected
to a telecommunications network, which method comprises the features of the
independent claims.

The present invention will be more comprehensible with the aid of the
description given as an example and illustrated through the attached figures:

Figure 1 shows a block diagram, which shows the information flow in a first
embodiment of the system according to the invention, the customer being
equipped with a mobile radio telephone, preferably a GSM or UMTS mobile
device, which can receive and transmit special short messages.

Figure 2 shows a block diagram which shows the information flow in a
second embodiment of the system according to the invention, the customer being
equipped with a mobile radio telephone, preferably a GSM or UMTS mobile
device, which can receive and transmit special short messages, and the terminal
being an Internet or Intranet-capable device.

Figure 3 shows a flow chart of a payment transaction method according to
the invention.

Figure 4 shows a flow chart of a reloading transaction method of a SIM
card, according to the invention.

The method represented in Figures 3 and 4 can be carried out with any
system variant, shown, for example, in Figures 1 and 2. The first and the
second variants both require a mobile radio telephone with a SIM card and an
additional infrared or inductive interface, which will be described more
closely later.

Figure 1 shows the information flow in a first embodiment of the invention.
The customer is equipped with a mobile radio telephone which comprises a
mobile device, for example a GSM or UMTS mobile device 1 and an identification
module 10, e.g. a SIM card. The number 11 designates an operating unit, e.g. a
keyboard. The customer is identified in the mobile radio network 6 with an
identification module 10. The SIM card has a conventional microcontroller 100,
which is embedded in the plastic supporting base of the card and which is
responsible for the GSM functions of the card - such as are described, for
example, in the article "SIM cards" by T. Grigorova and J. Leung, which
appeared in the Telecommunication Journal of Australia, vol. 43, No. 2, 1993,
on pages 33 to 38 - and for new functions which are loaded onto the SIM card at
a later point in time. The SIM card can preferably be a JAVA-capable card, i.e.
a card with a processor which can carry out the instructions in the JAVA
programming language (or in another object-oriented language). SIM cards
according to the Opencard concept of IBM can also be used. The SIM card has in
addition contact means, not shown, via which the card communicates with the
mobile device 1 in which it is inserted.

The SIM card has moreover a second processor 101 (CCI, Contactfree
Chipcard Interface), which is responsible for the contactless connection with
the POT device 2. The second processor carries out, inter alia, the TTP
(Thrusted <sic. Trusted> Third Party) functions, described further below, to
receive and transmit encoded and signed messages. A logical interface 102
connects the two processors 101 and 102. Optionally a single processor could
replace these two processors 101, 102.

The contactless interface with the terminal 2 can have, for example, at least
one inductance (not shown) integrated into the SIM card and connected to the
second processor 101, with which data are transmitted inductively in both
directions via a radio path. In a variant, an inductive coil can also be
integrated into the housing of the mobile device. In still a further variant,
the contactless interface comprises an infrared transmitter-receiver on the
housing of the mobile device. In a further variant, the contactless interface
is integrated into an extension module, which can be removably connected to the
mobile device. The contactless communication between the two devices is
preferably encrypted, for example with a DEA, DES, TDES, RSA or ECC security
algorithm.

The contactless communication is based preferably on a named standard,
for example on the IrDA (Infrared Data Association) protocol. Error checking
and error correcting means are preferably used for this communication. Terminal
identification means are preferably used in addition to establish reliably a
connection with just one particular terminal, should a plurality of terminals,
e.g. several mobile devices and/or several terminals, be combined in a room.

With an inductive signal transmission from the terminal to the chipcard, a
phase modulation method is preferably used, whereas in the reverse direction,
preferably the amplitude of the signals is modulated.

The SIM card preferably contains a special field IDUI (International Debit
User Identification), with which the customer is identified by the terminal
operator and/or by a financial institution. The IDUI identification is
preferably stored in a first protected memory area of one of the two processors
101, 102. The IDUI contains at least an identification of the network operator,
a user number which identifies him from other customers with the same network
operator, a user class indication which defines which services he may use, and
optionally in addition a country identification. The IDUI contains moreover
security data, inter alia a transaction counter Tz, a loading token LTc and a
time-out field TO, which indicates the validation time. The function of these
different data will be explained later.

The SIM card contains in addition a second, protected memory area in
which electronic monetary units (monetary amounts) can be stored.

The symbolically represented terminal 2 is likewise provided with a
contactless transceiver 20, for example with an inductive coil or with an
infrared transmitter-receiver. Thanks to this interface, the mobile system
1, 10 can communicate in a contactless way with the device 2 in both
directions.

The terminal 2 can be, for example, a point-of-sale (POS) in a shop
specially equipped with a radio interface 20, and is identified with a special
field POSID (Point of Sale Identification). The POSID depends upon the
application; in the case of a shop cash point, it contains an identification of
the network operator, an area identification (sub-region in a country), a POS
number which identifies it from other POS with the same network operator, a POS
class indication which defines which services it may use or offer, the date,
the time, the currency used (SDR, Euros or dollars), and optionally, in
addition, a country indication.

The terminal 2 is preferably provided with data input means, not shown, for
example with a keyboard, and with data display means, not shown, for example
with a screen.

The IDUI identification is transmitted to the terminal via the contactless
interface 10/101, and is linked in the terminal with the POSID and with the
captured transaction amount A, so that an electronic transaction document is
produced, which is signed and encrypted with a TTP (Trusted Third Party) or PTP
(Point-To-Point) method.

The transaction document is then transmitted via a modem, not shown, and
through the communications network 5, for example through a public switched
telephone network to the clearing unit 3, likewise connected to the network 5.

This unit receives the electronic documents from various terminals 2,
independently of the country or communications region, and independently of the
country or financial institution of the customer. In the clearing unit 3 these
transaction documents are ordered according to financial institution, possibly
also according to operator, and are delivered to the service center 4, 4', 4"
of the respective financial institution. Clearing units in themselves are
already known in the GSM technology, and are used, for example, for collecting
and for further distributing connection costs. The clearing unit can contain,
for example, a data base which indicates with which financial institution the
customer, previously identified with his IDUI, is affiliated.

The electronic transaction documents handled by the clearing unit 3 are
passed on to the service center 4, which has preferably a finance server. In
the finance server the submitted transaction documents are first decrypted and
stored in an intermediate memory 43. A balance management module 42 then
credits the transaction document signed by the customer to the corresponding
bank accounts 420, 420' and/or 420" of the terminal operator. These accounts
can be administered by the same or by another financial institution. The
balance management module moreover carries out control entries to the account
of the customer. The control account 41 of the customer at the financial
institution is correspondingly debited, or the transaction data are stored for
a later check. The finance server contains in addition a TTP server 40 in order
to sign and encode documents and messages with the TTP (Thrusted <sic. Trusted>
Third Party) algorithm. Furthermore each finance server 4 is connected to a SIM
server 70, for example a SICAP server. The SICAP method was described in the
patent EP 599 358, inter alia, and permits data files, programs and also
monetary amounts to be exchanged between the SICAP server 70 and the SIM card
10 in the mobile device 1 via the public GSM network 8 (arrow 60). Other
transmission protocols can also be used for the data transmission between the
SIM server and the SIM cards. Money can thereby be reloaded onto the SIM card
10, for example, as described more closely later. The SIM server 70 makes
possible moreover controlled communication between the customer and the TTP
server 40 at the financial institution.

Figure 2 shows the information flow in a second embodiment of the
invention. In this variant the customer is likewise equipped with a mobile
radio telephone, for example with a GSM radio telephone 1 with a SIM card,
preferably with a SICAP-capable SIM card and/or with a JAVA-capable card. An
inductive or infrared interface is likewise contained in the mobile system 1,
with which a contactless connection can be carried out with the terminal 2.
Data and/or programs can be exchanged in the mobile system in this way between
the terminal 2 and the SIM card 10.

The terminal 2' in this case, however, is a computer, which is preferably
connected to a network, for example in the Internet or an Intranet. Various
pieces of information or offers, for example product offers, can be offered,
for example with a suitable menu on the screen of the computer 2. The customer
can control this computer with his mobile device. For example, he can control
the position of the cursor in a menu of products or information offered for
sale by actuating the cursor movement keys on the keyboard 11 of his mobile
telephone. The cursor movement instructions are transmitted via the contactless
interface 101, 20 to the computer 2'. The user actuates a confirmation key, for
example the key # on his keyboard, in order to confirm the selected menu
option, for example to order a product.

The customer identification stored in the mobile device 1, 10 is linked, in
an electronic transaction document, with the POSID and with the transaction
amount corresponding to the selected menu option, and is TTP or PTP encrypted
and signed. The transaction document contains preferably a customer
identification IDUI taken out of the SIM card 10, a supplier identification
corresponding to the dialed menu option, and a product identification
corresponding to the dialed menu option, preferably in Flexmart format as
proposed in the patent application PCT/CH96/00464. This document is established
through a Flexmart module 21. The Flexmart module is preferably a software
application carried out by the computer 2'.

Analogously to the first embodiment, the electronic transaction document is
then transmitted to the respective finance server 4, 4' or 4" through the
clearing unit 3 and is processed there.

A payment transaction method will now be more closely described with the
aid of Figure 3. This method can be applied to any embodiments of the invention
according to Figures 1 and 2. This procedure is generally valid, however, and
not limited to GSM and UMTS methods.

The first column in Figure 3 shows the method steps which involve mainly
the mobile radio telephone 1 of the customer; the second describes the method
steps which are executed by the terminal 2; the third relates to the operations
of the service center 4, and the fourth the effects on the various accounts at
the financial institution. It must be noted, however, that many method steps
can be carried out either with the mobile radio telephone 1, for example as a
process inside the SIM card 10, or in the terminal 2. For example, the data
input can take place either with the terminal or with the mobile radio
telephone 1, if this contains a keyboard, such as, for example, a GSM mobile
device.

This method sets the prerequisite in step 200 that the identification card 10
of the customer comprises a protected memory area in which electronic monetary
units are stored. Value cards in themselves are known; we shall explain more
closely later, with reference to Figure 4, how the monetary amount can be
reloaded. In addition, the patent application EP S63 10570.0 describes a method
of reloading SIM cards with a monetary amount.

The mobile system 1, respectively 10, is switched into operation readiness
in step 201, for example with the switching on of the mobile device. In step
202 the terminal 2 is likewise activated. Then in step 203 the terminal 2 calls
the next, unspecific customer in a broadcast method (card paging).

When the connection between the terminal 2 and the mobile radio
telephone 1, 10 has been established, the mobile radio telephone presents in
step 204 its identification IDUI (International Debit User Identification) to
the terminal and the confirmation that it is solvent. The IDUI is filed in a
first protected area of the card. Whether the solvency suffices cannot yet be
decided at this moment.

The terminal 2 contains a black list, preferably periodically updated by the
finance server 4, on customers to be blocked. The IDUI transmitted by the
customer is compared with the black list (step 205) (authorization data). If
the IDUI presented by the customer is found in the black list (step 208), a
blocking flag is set in step 207. If there is no correspondence, the
transaction amount A can be entered on the keyboard of the terminal 2. In a
variant, the transaction amount A can also be entered with the input means 11
of the mobile device 1. The terminal 2, or in a variant the SIM card 10, then
links this amount to the identification of the terminal 2 and of the IDUI, and
transmits this debit document to the customer. Preferably a reference currency
is moreover included, for example SDR, Euros or dollars.

Since the communication is signed, it can be checked in step 210 whether
the debit document correlates to the IDUI. If not, the refusal reason is
displayed on the terminal 2 (step 223). Otherwise a check for a blocking flag
is made in step 211. If it is set (212), a check-up with the finance server 4
follows (step 248). If it is not set, an area check-up follows (step 213). SIM
cards can thereby be blocked depending on the area of use. If the area check-up
is negative, a check-up with the finance server 4 (step 248) follows; otherwise
a time-out check-up is made (step 215). It is checked whether the validation
time, during which transactions can be carried out without check-up, has
already expired. If the validation time has expired (step 216), a check-up with
the finance server takes place (step 248); otherwise the customer is asked in
step 217 to enter manually his user password on the mobile device 1. If the
entered password is correct (step 218), the amount A is converted, if
necessary, into the standard currency (for example SDR) (step 219). An
international application of the concept is thereby made possible. Otherwise,
the refusal, with indication of reason, is displayed on the terminal 2 in step
223.

The mobile radio telephone 1/10 then checks in step 220 whether the
transaction amount A to be debited is covered by the monetary amount loaded in
the second memory area (solvency check). If this is not the case, this refusal
reason is displayed on the screen of the terminal (step 223).

When all these checks have been made, the transaction is counted in step
222 with a transaction counter Tz which is incremented. This meter corresponds
to the number of transactions carried out with the card 10. In step 224, the
transaction amount A, the terminal identification POSID and the user
identification IDUI are then linked in a transaction document, which is
moreover certified and optionally encrypted, and possibly also compressed. The
ECC method (Elliptic Curve Cryptosystem) can be used, for example, for the
certification. A suitable certification and encryption method will be more
closely explained later as an example.

The charged transaction amount A is then debited against the stored
monetary amount account in step 225, and the transaction document is filed in a
stack on the identification module 10 in step 226. This card stack at the
customer can be called up by the finance server 4 as needed for the purpose of
detailed checking. The customer himself can preferably display on his mobile
device 1 the transaction documents stored in the stack.
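The card-side decision sequence of steps 210 to 226, as an added example that is not part of the patent text: it shows which failures end in a refusal at the terminal (step 223) and which escalate to a check-up with the finance server (step 248). Field names, the area set and the refusal of non-positive amounts are assumptions; currency conversion (step 219) and certification of the document (step 224) are left out.

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum


class Outcome(Enum):
    ACCEPTED = "accepted"
    REFUSED = "refused"            # step 223: refusal reason shown on the terminal
    ONLINE_CHECK = "online_check"  # step 248: check-up with the finance server


@dataclass
class Card:
    """State held on the identification module (field names are assumptions)."""
    idui: str
    password: str
    balance: int               # stored monetary amount, in reference-currency units
    allowed_areas: frozenset   # areas of use in which the card is not blocked
    valid_until: int           # end of the validation time (time-out field TO)
    blocking_flag: bool = False
    tz: int = 0                # transaction counter Tz
    stack: list = field(default_factory=list)


@dataclass(frozen=True)
class DebitDocument:
    """Debit document from the terminal: amount A linked to POSID and IDUI."""
    idui: str
    posid: str
    area: str                  # area identification carried in the POSID
    amount: int


def process_debit(card, doc, entered_password, now):
    """Run the checks in the page's order; card state changes only on acceptance."""
    if doc.idui != card.idui:                                   # step 210
        return Outcome.REFUSED, "debit document does not match IDUI"
    if card.blocking_flag:                                      # steps 211-212
        return Outcome.ONLINE_CHECK, "blocking flag set"
    if doc.area not in card.allowed_areas:                      # steps 213-214
        return Outcome.ONLINE_CHECK, "area check-up negative"
    if now > card.valid_until:                                  # steps 215-216
        return Outcome.ONLINE_CHECK, "validation time expired"
    if not hmac.compare_digest(entered_password.encode(),       # steps 217-218
                               card.password.encode()):
        return Outcome.REFUSED, "wrong password"
    # Step 220 (solvency check); refusing amounts <= 0 is an added assumption.
    if doc.amount <= 0 or doc.amount > card.balance:
        return Outcome.REFUSED, "amount not covered"
    card.tz += 1                                                # step 222
    txn = {"idui": card.idui, "posid": doc.posid,               # step 224
           "amount": doc.amount, "tz": card.tz}
    card.balance -= doc.amount                                  # step 225
    card.stack.append(txn)                                      # step 226
    return Outcome.ACCEPTED, txn


def run_sample():
    """Constructed sample: one good payment, then an expired validation time."""
    card = Card(idui="IDUI-TEST", password="4711", balance=100,
                allowed_areas=frozenset({"A1"}), valid_until=1000)
    doc = DebitDocument(idui="IDUI-TEST", posid="POS-1", area="A1", amount=30)
    first = process_debit(card, doc, "4711", now=500)[0]
    second = process_debit(card, doc, "4711", now=2000)[0]
    return first, second, card.balance


if __name__ == "__main__":
    print(run_sample())
```
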

After step 224 the transaction document is presented to the terminal 2 for
billing, and the customer signature is checked by the terminal (step 227).
Optionally, in step 228, a paper receipt is printed out on the terminal for the
customer.

In step 229, then in the terminal 2, the debit document is possibly linked
with additional data, and the transaction document is electronically signed by
the terminal 2, optionally compressed and encoded. The electronic transaction
document prepared in this way is then optionally filed in a stack in the
terminal 2 in step 230. The stack contains transaction documents of various
customers. The transaction documents are then transmitted during step 231
individually or grouped to the clearing unit 3. The transmission can either
take place immediately after the transaction, or a plurality of transaction
documents from the stack can be transmitted at periodic time intervals (for
example every hour or every day). A batch process can also be used to transmit
all transaction documents, for example at night.

The clearing unit 3 receives individual or grouped transaction documents
from a plurality of terminals 2 in the same geographic zone (step 234). A
plurality of geographically distributed clearing units can be provided. In step
235, the clearing unit 3 allocates the transaction documents received from the
various terminals to the respective financial institutions or services
providers, and passes these transaction documents on accordingly.

If the transaction documents are encoded, they first have to be decrypted
by the clearing unit in order to be allocated to a finance server 4, 4', 4",
and then encoded again by the clearing unit in order to pass them on. In a
preferred variant, however, the data elements in the fields IDUI and possibly
POSID of the transaction document, which are needed for the clearing, are not
encoded by the terminal 2. Achieved thereby can be a secured, end-to-end
encrypted transmission of the transaction documents between the terminals and
the finance servers 4, 4', 4".

The responsible finance server receives the transaction documents, in step
236, and the TTP server 40 decompresses and decrypts them (if necessary), and
checks the authenticity of the signatures from the terminal 2 and from the
identification module 10. In step 237, it is checked whether the POSID and/or
the IDUI is to be found in a revocation list. If the test is positive (238),
because neither the terminal identification nor the customer identification
IDUI are located on the revocation list, a test of the loading token LT follows
in step 239. The loading token LT gives the number of reloadings of the card
10. This loading token is updated in the finance server (LTs) and in the
identification module (LTc) after each reloading process, as explained later. A
copy of the loading token LTc is transmitted in the transaction document in the
field IDUI. The loading token LTc, reported by the mobile radio telephone 1, 10
must be equal to the loading token LTs stored in the finance server 4. If
reloading documents are still on the way between the finance server 4 and the
mobile system 1, 10, LTc can also be temporarily smaller than LTs. The finance
server 4 therefore checks whether LTc ≤ LTs.

If this condition is not verified in step 240, probably an unauthorized
reloading process was carried out, and the method goes on to step 241.
Distinguished here is whether the falsification has been carried out by the
terminal or by the customer. If the customer is responsible, he is entered on a
black list in step 242. A customer blocking document is preferably generated
and sent to the mobile radio telephone 1, 10 of the customer in order to set
the blocking flag and to disable this system, as well as to all terminals or at
least all terminals in a predefined geographic area in order to enter this
customer in the black list of that terminal. If, on the other hand, the problem
was caused by the terminal, this terminal is entered in a terminal black list
in step 243.

If the loading token check is passed in step 240, the transaction amount A
in the transaction document can be debited against a customer control account
at the financial institution in step 244. In step 245, the transaction amount A
is accordingly credited to an account 420, 420' or 420" of the terminal
operator at a financial institution. Processing charges can also be debited
against the account 420 and/or against a customer account by a financial
institution and/or by the terminal operator or by the network operator.

Then in step 246 the finance server 4 enters this transaction in the
transaction counter. Then a process follows in step 247 to update the values of
the loading token LTc and of the transaction counter Tz in the mobile radio
telephone.
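The finance-server checks of steps 236 to 246, as an added example that is not part of the patent text: both signatures are verified, the revocation list is consulted, and the card's reported loading token (lt_c) is compared with the server's own count (lt_s) before anything is booked. HMAC-SHA256 with per-party keys stands in for the TTP signature method, and all identifiers, keys and field names are constructed assumptions; deciding whether terminal or customer is at fault (steps 241 to 243) is left to the caller because the page does not say how that is determined.

```python
import hashlib
import hmac
import json


def sign(key: bytes, fields: dict) -> str:
    """HMAC-SHA256 over canonical JSON; an assumed stand-in for a TTP signature."""
    msg = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def card_sign(card_key, idui, posid, amount, lt_c):
    """Transaction document as certified by the identification module (step 224)."""
    body = {"idui": idui, "posid": posid, "amount": amount, "lt_c": lt_c}
    return {"body": body, "card_sig": sign(card_key, body)}


def terminal_sign(terminal_key, doc):
    """Terminal signs the card-signed document before forwarding it (step 229)."""
    outer = {"body": doc["body"], "card_sig": doc["card_sig"]}
    return dict(doc, terminal_sig=sign(terminal_key, outer))


class FinanceServer:
    def __init__(self, card_keys, terminal_keys, lt_s):
        self.card_keys = card_keys          # IDUI  -> verification key
        self.terminal_keys = terminal_keys  # POSID -> verification key
        self.lt_s = dict(lt_s)              # IDUI  -> reload count known to the server
        self.revoked = set()                # revoked IDUI and POSID values
        self.control_account = {}           # IDUI  -> customer control account
        self.operator_account = {}          # POSID -> terminal operator account
        self.tz = {}                        # IDUI  -> transactions booked

    def process(self, doc):
        body = doc.get("body", {})
        idui, posid = body.get("idui"), body.get("posid")
        card_key = self.card_keys.get(idui)
        terminal_key = self.terminal_keys.get(posid)
        if card_key is None or terminal_key is None:
            return "unknown_party"
        # Step 236: authenticity of the signatures of module and terminal.
        if not hmac.compare_digest(sign(card_key, body), str(doc.get("card_sig"))):
            return "bad_card_signature"
        outer = {"body": body, "card_sig": doc["card_sig"]}
        if not hmac.compare_digest(sign(terminal_key, outer),
                                   str(doc.get("terminal_sig"))):
            return "bad_terminal_signature"
        # Step 237: revocation list.
        if idui in self.revoked or posid in self.revoked:
            return "revoked"
        # Steps 239-240: the card may lag behind the server while a reloading
        # document is in transit, but it can never legitimately be ahead.
        if body["lt_c"] > self.lt_s.get(idui, 0):
            return "loading_token_mismatch"   # hand over to step 241
        amount = body["amount"]
        self.control_account[idui] = self.control_account.get(idui, 0) - amount    # 244
        self.operator_account[posid] = self.operator_account.get(posid, 0) + amount  # 245
        self.tz[idui] = self.tz.get(idui, 0) + 1                                    # 246
        return "booked"


if __name__ == "__main__":
    CK, TK = b"card-key-constructed", b"terminal-key-constructed"
    server = FinanceServer({"IDUI-1": CK}, {"POS-1": TK}, {"IDUI-1": 3})
    for lt_c in (3, 2, 4):   # equal, lagging, ahead of the server
        doc = terminal_sign(TK, card_sign(CK, "IDUI-1", "POS-1", 10, lt_c))
        print(lt_c, server.process(doc))
```
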

We refer back to the process in the mobile radio telephone 1, 10. As
already explained, this device arrives at step 248 if a security problem has
been noted in step 212, 214 or 216. In this case, a complete check-up with the
finance server takes place, preferably via the mobile radio network 6. The
check-up comprises, for example, a test and a renewal of the authentication
certificate as well as a check of all executed parameters, for example the
loading token LT, the transaction counter Tz, the black list, etc. If the
result of the check-up is negative (step 249), the blocking flag is set so that
the mobile system 1 is disabled, or at least the respective use in the SIM card
10 (step 253). If, on the other hand, this examination shows that most probably
no falsification was attempted, the validation time is reset in step 250. With
the validation time, an identification module can be disabled, for example, if
it has not been used for a predefined period, for example one year. This
indication must therefore be reset after each use. The blocking flag is then
cancelled in step 251, and, if necessary, a new area is set in step 252.

It is important to note that the debiting process can take place with
different currencies, for example on the basis of the SDR (Special Drawing
Rights) common in the telecommunications sphere or with another reference
currency (for example Euros or dollars). The maximal amount on the card is
defined according to the client class. A default value in SDR is possible as
minimal. Each terminal 2 stores the SDR value (e.g. currency-specific) relevant
for it, which is communicated to it by the server in the registration process.
Depending upon exchange rate fluctuations, the terminals are automatically
supplied with updated exchange rates by the finance server.

A method of reloading the mobile system 1, 10 with a monetary amount will
now be described more closely with reference to Figure 4. This method can
likewise be applied to any embodiments of the invention according to Figures 1 or 2.

A reloading process takes place in this example with the mobile radio
telephone 1, 10 of the client and the terminal 2 together. It would also be
possible, however, to carry out reloading of the monetary amount on the
identification module 10 with a transaction which only affects the mobile radio
telephone 1, 10 and the service center 4. This solution would have the advantage
that the customer would not have to go to a terminal; certain security checks
cannot be executed in this case, however. This variant is therefore preferably
used only for transmitting smaller monetary amounts or when additional security
mechanisms are provided. A direct reloading process by the finance server 4
could also be used, however. Depending upon the client class, or depending
upon need, the document card stack of the customer can be called up by the
finance server for the purpose of detailed checking. After the reloading process,
the stack can be deleted by the finance server.

The first column in Figure 4 shows the method steps which principally
involve the mobile radio telephone 1, 10; the second describes the method steps
which are carried out by the terminal 2; the third relates to the operations of the
service center 4, and the fourth the effects on the various accounts at the financial
institution. It must be noted, however, that many method steps can be carried out
either with the mobile radio telephone 1, 10, for example inside the SIM card 10,
or with the terminal 10. For example, the steps of the method that relate to the
data input can be carried out either on the terminal or on the mobile device, if the
mobile device contains an operating unit. The communication between the two
parts is preferably encrypted, for example with a DEA, DES, TDES, RSA or ECC
security algorithm.

In step 300, the mobile radio telephone 1, 10 is first operatively cleared for
the reloading process; the terminal 2, for its part, is also activated in step 301.
The terminal 2 then calls the next, unspecified mobile system 1, 10 in a broadcast
method in step 302 (card paging).

When the connection is made between the terminal 2 and the mobile radio
telephone 1, 10, the customer presents to the terminal in step 303 his
identification IDUI (International Debit User Identification) and the type of the
process to be started, here a reloading.

The terminal 2 contains a black list on mobile systems to be blocked
(revocation list), preferably updated periodically by the finance server 4. The IDUI
transmitted by the customer is compared with the black list (step 304). If the IDUI
presented by the customer is found in the black list (step 305), a blocking flag is
set in step 306. Afterwards, or if no correspondence is found, whether the request
correlates with the IDUI is checked in step 307. If not, the refusal reason is
displayed on the terminal 2 (step 315). Otherwise the blocking flag is checked in
step 308. If it is set, the mobile radio telephone 1, 10, or at least the respective
application in the identification card 10, is disabled (step 331). If it is not set, the
customer is asked in step 310 to enter his password manually in the mobile
device 1. If the entered password is not correct (step 311), the blocking flag is
likewise set, and the refusal reason is displayed on the terminal 2 (step 315);
otherwise the method is clear for reloading, and the customer is asked in step 312
to enter a reloading amount A. In the variant shown, the reloading amount can be
entered on the terminal 2; this amount is linked in step 313 with the POSID and
the IDUI, signed and transmitted to the card 10. The amount A could, however,
also be captured at the mobile device 1; in this case no terminal is involved and
the POSID is therefore not needed.

In step 314 it is checked whether the IDUI in the data received from the
terminal 2 coincides with the own IDUI. If not, the refusal reason is displayed on
the terminal 2 (step 315); otherwise the desired reloading amount entered on the
terminal is displayed on the screen of the mobile device 1. Then in step 316, the
POSID (optional), the IDUI, the already mentioned number of payment
transactions Tz, the number of reloading processes (LTc, loading token client)
stored on the card, and the remaining amount on the card DRA (Debit Rest
Amount) are linked, signed, encrypted and then optionally compressed. A
reloading document is thereby produced. Optionally, the document stack on the
card can also be transmitted, for example depending upon the client class, with
the issuing of the card, or as needed during use with solvency problems. The
POSID is only integrated into the reloading document if the customer has a mobile
device without suitable input means. The reloading document is then transmitted
to the finance server 4, 4', respectively 4", through the network 6, where the TTP
server 40 receives, if necessary decrypts and decompresses this document in
step 317, and checks the signature of the customer and, if applicable, of the
terminal.

With the aid of the table 318, which stores the number and token relating to
the processes between the customer and the finance server, the following checks
are made in step 319:

Check of amounts: The sum ΣA of all amounts loaded on the identification
module 10, including the start sum, must be equal to or smaller than the sum of all
control charges ΣKB and the remaining amount DRA on the identification module.
The sum can be smaller because the documents which are still between the
mobile radio system 1, 10, the clearing unit 3 and the finance server 4, 4', 4",
cannot yet be captured at this moment.

Check of loading token: The number of loading, or respectively reloading,
transactions are counted in the mobile radio telephone, for example in the SIM
card using a token LTc and in the finance server 4 using another token LTs.
These two tokens must be equal.

Check of transaction counter: For each payment transaction, the
transaction counter Tz in the mobile radio telephone 1, 10 is incremented; the Tz
is also carried over in each reloading document. The transaction counter T n
stored at the finance server, which is incremented by the documents transferred
by the customer, must be equal to, or possibly smaller than, the transaction
counter Tz in the mobile radio telephone 1, 10.
If one of these three conditions is not fulfilled (step 320), the blocking flag
is set in step 321, and the reloading process is refused in step 325. Otherwise, in
step 322, the account balance 41 of the customer is checked. If it does not suffice
for the reloading, the refusal is likewise processed in step 325.

If the account (or the account limit) of the customer at the financial
institution 4 suffices for the amount to be reloaded (step 322, 323), this amount is
withdrawn from a customer account of the financial institution (324), including any
fees. At the same time the requested reloading amount is booked on the control
account 41. A reloading document is then produced in step 326 from the POSID,
the IDUI, the amount A, the new loading token LTn, and a predefined time-out
increment TOi. This reloading document is signed in step 327, optionally
encrypted and compressed, and transmitted to the mobile system 1, 10 of the
customer. This system checks during step 328 whether the signature in the
document comes from the finance server, and verifies during step 329 whether
the blocking flag is set. If it is set (step 330), the mobile radio telephone 1, or at
least the respective application, is disabled in step 331. Otherwise it is further
checked whether the finance server has requested a refusal (step 332) leading to
interruption of the process with display of the reason for refusal (step 334).

If all tests have been successfully passed, the card account is booked in
step 335 with the requested reloading amount. The old loading token LTc is then
replaced by the new loading token LTn (step 336), transmitted by the finance
server. The transaction counter Tz on the card is set back in the next step 337,
and the time-out TOi is reset in step 338. In addition, a new area is set in step
340 if, in step 339, it is determined that the POSID is contained in the reloading
document.

The reloading amount is then displayed as confirmation, either on the
screen of the mobile device or on the terminal (step 341). Finally, the total
balance of the account on the card is also displayed (step 342).
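
The counter checks of step 319 and the server-side handling of steps 320 to 326, as an added example that is not part of the patent text: it covers the loading-token check, the transaction-counter check and the balance check, and takes the signature as already verified in step 317. The class and field names, the sample values and the rule LTn = LTs + 1 are assumptions.

```python
from dataclasses import dataclass


@dataclass
class CustomerRecord:
    """Per-customer state at the finance server (field names are hypothetical)."""
    lt_server: int             # LTs: reloading processes counted by the server
    tz_server: int             # payment documents received for this customer
    account_balance: int       # customer's bank account, in minor units
    control_account: int = 0   # control account 41
    blocking_flag: bool = False


@dataclass
class ReloadRequest:
    """Fields of the reloading document from step 316, signature already checked."""
    idui: str
    lt_client: int             # LTc: reloading processes counted on the card
    tz_client: int             # Tz: payment transactions counted on the card
    amount: int                # A: requested reloading amount


def counter_check_failures(rec, req):
    """Step 319 counter checks; an empty list means both passed."""
    failures = []
    if req.lt_client != rec.lt_server:
        failures.append("loading token mismatch")
    # Documents still in transit make the server counter lag, never lead.
    if rec.tz_server > req.tz_client:
        failures.append("transaction counter behind server")
    return failures


def process_reload(rec, req):
    """Steps 320-326 at the finance server: returns (outcome, detail)."""
    failures = counter_check_failures(rec, req)
    if failures:
        rec.blocking_flag = True               # step 321
        return "refused", failures             # step 325
    if rec.account_balance < req.amount:       # steps 322/323
        return "refused", ["insufficient funds"]
    rec.account_balance -= req.amount          # step 324, fees left out
    rec.control_account += req.amount
    rec.lt_server += 1                         # assumption: LTn = LTs + 1
    return "reload", {"IDUI": req.idui, "A": req.amount, "LTn": rec.lt_server}


if __name__ == "__main__":
    # Constructed sample: card reports 7 payments, server has received 5 documents.
    rec = CustomerRecord(lt_server=3, tz_server=5, account_balance=10_000)
    print(process_reload(rec, ReloadRequest("IDUI-EXAMPLE-1", 3, 7, 2_500)))
    # Presenting the same document again fails: its LTc is stale after the reload.
    print(process_reload(rec, ReloadRequest("IDUI-EXAMPLE-1", 3, 7, 2_500)))
    print(rec.blocking_flag)
```

A reloading document presented a second time, or one produced from a copy of an older card state, carries a stale LTc and sets the blocking flag, while an honest card with payment documents still in clearing passes.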

In the example described with the aid of Figures 3 and 4, the "real" bank
account of the customer at the financial institution is already debited during
reloading of the card. Other payment variants, for example with credit cards or by
drawing up an invoice, are also possible of course within the framework of this
invention. In a variant, the system can also function as a credit system; in this
case the bank account of the customer is first debited when the finance server 7
receives a transaction document. The monetary amount stored in the second
memory area of the card serves in this case only as the expenditure limit.

The securing of data transmissions through cryptography is carried out
differently in two different segments. Between the customer and the terminal, the
communication through the air interface is secured, for example, through an
algorithm, such as DES, TDES, RSA or ECC. Between the customer and the
finance server, on the other hand, the TTP (Trusted Third Party) method, or
optionally a PTP (Point-To-Point) method is used. The necessary elements are
integrated on the identification element 10 and in the TTP server 40. The
transaction documents are preferably encrypted with a symmetrical algorithm,
whereby the symmetrical algorithm uses a session key encrypted with an
asymmetrical algorithm. In addition, the transmitted transaction documents are
preferably certified.
1. Financial transaction method between a customer and a terminal (2),
the said customer being equipped with a mobile radio telephone which can be
used in a mobile radio network (6), the mobile radio telephone comprising a
mobile device (1) and a removable identification module, in which at least a
customer identification and a monetary amount can be stored, the said
monetary amount being able to be reloaded with the aid of secured reloading
documents from a service center (4), which reloading documents are
transmitted by means of digital messages via the said mobile radio network (6),
wherein it comprises the following steps:

- transmitting the said customer identification to the terminal (2) via a
contactless interface between the said identification module (10) and the said
terminal (2),

- checking in the terminal the authorization of the customer, identified by
means of the said transmitted customer identification, to carry out a financial
transaction, this checking taking place with authorization data which are
transmitted to the terminal (2) via a public switched telephone network (5),

- transmitting an electronic transaction amount to the terminal (2) via the
said contactless interface,

- charging the stored monetary amount depending upon the transmitted
transaction amount,

- preparing in the terminal (2) a transaction document, which contains
the said customer identification, a terminal identification as well as an
indication of the said transaction amount,

- electronic signing of the said transaction document by the terminal (2),

- paying into an account of the operator of the terminal (2), if the signature
corresponds to an authorized terminal (2).

2. Transaction method according to the preceding claim, wherein the said
service center (4) operates a control account (41) for each customer in which is
stored the value of the monetary amount stored in the identification module, this
control account being updated during each reloading of the said monetary amount
and during reception of transaction documents.

3. Transaction method according to the preceding claim, wherein the said
transaction documents are conducted to the said service center (4) by a clearing
unit (3).

4. Transaction method according to one of the preceding claims, wherein
the data transmitted from the said mobile radio telephone (1, 10) to the terminal
(2) via the said contactless interface are provided with an electronic signature of
the identification module (10).

5. Transaction method according to the preceding claim, wherein the said
electronic signature of the identification module (10) is checked in the terminal (2).

6. Transaction method according to one of the claims 4 or 5, wherein the
said electronic signature of the identification module (10) is passed on to the
service center (4) and is checked by this service center.

7. Transaction method according to one of the preceding claims, wherein
the transaction documents can be transmitted in batch mode to the said service
center (4) via the said public switched telephone network (5).

8. Transaction method according to one of the preceding claims, wherein
the said terminals contain a customer black list, which can be updated by the said
service center (4) via the said public switched telephone network, and wherein the
transaction is interrupted if the received customer identification is contained in this
black list.

9. Transaction method according to one of the preceding claims, wherein
the said service center (4) can disable the said identification modules (10) with
the aid of customer blocking documents transmitted via the said mobile radio
network (6).

10. Transaction method according to one of the preceding claims, wherein
the said service center (4) can disable the said terminals (2) with the aid of
terminal blocking documents transmitted via the said public switched telephone
network (5).

11. Transaction method according to one of the preceding claims, wherein
the identification module (10) is a SIM card.

12. Transaction method according to claim 2, wherein the identification
module is a transponder (10') and the mobile device (24) is contained in the
terminal (2).

13. Transaction method according to one of the preceding claims, wherein
the identification module (10, 10') communicates with the terminal (2) via an
integrated inductance in this identification module (10, 10').

14. Transaction method according to one of the preceding claims, wherein
the identification module (10) communicates with the terminal (2) with the aid of
an inductance integrated into the mobile device (1).

15. Transaction method according to one of the claims 1 to 13, wherein the
identification module (10) communicates with the terminal (2) with the aid of an
infrared transceiver integrated into the mobile device (1).

16. Transaction method according to one of the preceding claims, wherein
at least certain data, which are transmitted between the terminal (2) and the
identification module (10, 10') via the said contactless interface (101-20), are
encrypted and/or signed.

17. Transaction method according to one of the preceding claims, wherein
the said transaction documents are encrypted.

18. Transaction method according to the preceding claim, wherein the said
transaction documents are not decrypted during the transmission.

19. Transaction method according to one of the claims 17 or 18, wherein
the data elements (IDUI), which are needed for the clearing in the said clearing
unit (3), are not encrypted, so that the clearing unit does not have to decrypt the
transaction documents.

20. Transaction method according to one of the preceding claims, wherein
the transaction documents (90) are encrypted with a symmetrical algorithm, the
symmetrical algorithm using a session key encrypted with an asymmetrical
algorithm.

21. Transaction method according to one of the preceding claims, wherein
the transaction documents transmitted through the known public switched
telephone network (5) are certified and/or signed.

22. Transaction method according to one of the preceding claims, wherein
the said transaction document can be read or captured in the terminal (2).

23. Transaction method according to one of the preceding claims, wherein
the said transaction document can be read or captured in the mobile device (1).

24. Transaction method according to one of the preceding claims, wherein
the service center (4) stores a terminal black list and wherein the method is
interrupted if the received terminal identification (POSID) is contained in the
terminal black list.

25. Transaction method according to one of the preceding claims, wherein
the service center (4) stores a customer black list, and wherein the method is
interrupted if the customer identification (IDUI) is contained in the customer black
list.

26. Transaction method according to one of the preceding claims wherein
the identification element (10) contains a stack with data about transactions
already carried out, and wherein these data can be called up by the service
center (4).